Signed-off-by: Julius Härtl <jus@bitgrid.net>
Those functions set proper content-types that prevent rendering of
data. Therefore it's safe to mark them as sanitizers.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Do not update incompatible apps
Previously there was no (platform) dependency check for an app that was
installed before. So Nextcloud happily upgraded an app that now requires
a PHP version newer than the current one, which means in the lucky case
you see a failing upgrade due to the language incompatibility, or in the
unlucky case you see unexpected errors later in production.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
needed a setupFS call
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* It was documented as deprecated.
* The app code checker warned about it
* It's been three years
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Mark getAppPath as specialized taint
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite a few of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
nextcloud/bugfix/24099/setup-fs-before-query-storage-in-settings
Set up FS before querying storage info in settings
The personal info section of the personal settings is querying the
storage quota information. For this it requires the FS to be set up, which
is not always guaranteed.
This fixes an issue where refreshing the settings page would cause it to
fail after Redis caches are full. It is likely that when the Redis cache is
populated, some code path is initializing the FS, so it works so far.
But when the cache is populated, that code path is skipped, so the FS is
not guaranteed to be set up...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Don't leave cursors open
Signed-off-by: Joas Schilling <coding@schilljs.com>
Because often we catch the exception at some point and then the trace is
misleading. What's really interesting is the trace of the *previous*
exception.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The getAppPath will always return the same data for the same appId. It
is actually already cached. However, we do some cleanup of the appId
(again). Same for the autoloading: it is actually already checked.
This just removes the unneeded calls, which can add up if you have a lot
of incoming shares.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Improve query type detection
Signed-off-by: Joas Schilling <coding@schilljs.com>
Skip already loaded apps in loadApps
Otherwise you might end up calling a lot of functions unnecessarily.
And while the individual calls are cheap, if you multiply them by 20k
they still get somewhat expensive.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
makes it clearer to the user what the quota applies to
Signed-off-by: Robin Appelman <robin@icewind.nl>
Ref #22288
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
instead of showing the generic 'Your storage is full' message, better explain that it's the group folder/external storage that is full
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Send "429 Too Many Requests" in case of brute force protection
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
nextcloud/phpdoc/22063/add-interface-method-and-phpdoc
Properly add new methods to interface and document in PHPDoc for getR…
Introduced in #22063 and was just forgotten.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Ref #21787
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* introduces a new IRootMountProvider to register mount points inside the root storage
* adds an AppdataPreviewObjectStoreStorage to handle the split between preview folders and bucket number
Ref #22033
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Jan C. Borchardt <hey@jancborchardt.net>
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Allows SSO backends to do a global logout
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
nextcloud/techdebt/noid/register-alternative-logins
Allow to register AlternativeLogin on RegistrationContext
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
to #21761
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
We should only translate things when we actually need them.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>